Thrid-party trackers - who gets what?

I am a big fan of privacytools. Here, I wanna share my understanding of how 3rd-party trackers compromise our privacy – who gets what, and how they hurt us.

I am talking about the legitimate ones, such as Google Analytics, Clicky, ShareThis, Facebook SDK, etc. Actually, I have tried a couple of trackers on a static blog to get the traffic statistics.

Everybody including me hates trackers. I am not going to claim that they are good. This is by no mean my conclusion. I am open to your feedback.

Who Gets What
There are three different roles in the game of traffic analysis: 1) the website owner, 2) the vendor of the tracker, 3) the website visitors.

A. Website owner

The website owner gets the traffic statistics: unique visitors, hits, shares on social media, per page and/or the whole site, maybe some statistics of when and where the visitors come from.

The website owner DO NOT get the exact IP addresses and detailed fingerprinting of the visitors from a legit 3rd-party tracker. If the website owner owns the server, she may get those information directly from the logs, but that is not about the tracker.

B. Tracker Vendor

The vendor of the tracker gets all the detailed information of the visitors. The pages they visited, their IP addresses, browser fingerprints, even the trace of visitor’s attentions on certain page.

What’s worse, the tracker vendor gets above information of a visitor from not only one website, but all the websites using its tracker and visited by that user.

Based on these visiting trace of a user collected by the vendor of the tracker, some data mining would be applied to profile this user: what she likes, where she lives, her lifestyle, what she needs, her political preferences, etc.

The real danger of 3rd party tracker is the invasive data mining power enabled by these tracing data.

C. The visitor(s)
The visitors may get some convenience, e.g. ShareThis, along side the information and service from the website owner(s). The price they paid are their personal information and preferences. By giving those privacy to the tracker vendors, visitors are more vulnerable to manipulation.

Threats
3rd-party tracker is bad, but it is still miles away from hacking or identity theft. The website owner can not pinpoint the visitors through a legit 3rd-party tracker. Using 3rd-party tracker is totally different from fishing.

The real big threat comes from the data mining of a powerful vendor of the 3rd-party tracker, such as Google. They profit from those data by delivering ads based on user profile.

Protection

  1. Tor Browser
    As long as we visit website via Tor, giving the website fake browser fingerprinting, we are free from 3rd-party trackers. Because the threat of data mining has gone. If you are already on Tor (Browser), trackers do not get your privacy.

  2. uBlockOrigin
    If we just do regular web surfing via direct connection, uBlockOrigin or similar tool is essential. Because it prevent tracker to collect the tracing of our surfing.

Any Thoughts?

2 Likes

Someone may ask what’s the point of using uBO if it can not block every tracker. This picture gives the answer: If you can block 99% of the dots on your trace, then Amazon, Facebook, Google, and hundreds of other companies can not analyze your privacy through data mining.

Source: NYT

Thanks for your views and likes. I would really love your feedback and criticizes about my post. Because I am trying to use this thread to convince my friends who have some serious misunderstanding about the 3rd-party trackers, but she trust privacytools. Thank you!

uMatix is more powerful because it split page content into pieces so you can control it more

uMatrix is too complex for average person. uBO is easy, and you can choose to block everything in strict mode.

However, if you can block most trackers, the big data company won’t have enough data to analyze your privacy. See the timeline above.

i did and all i said is like recommendation that umatrix is more complex yes but because you can control of page more than ubo so for me i love it

what if the website is built on node.js or vue.js? what if more and more sites/elements move to js frontend? it will be burdensome to handpick elements then.

I definitely think that we need to consider about better protection against third-party websites’ trackers. And this kind of security features should be implemented on the levels of development process, in my humble opinion. Few days ago, I’ve found this article about website development cost and how they can build it, including different techniques and options, and what I can say - it’s great when a potential customer can make their choices from which options and features his or her website would be constructed.